Large firms 'wising up' to aggressive disruption attacks

Four out of ten large enterprises will have formal plans in place by 2018 to tackle highly-aggressive, business-disrupting attacks.

A growing number of large enterprises are expected to put formal plans in place to help them tackle the problem of highly-aggressive cyber attacks that aim to cause disruption to their business.

This is according to new figures from Gartner, which found that although the frequency of such large-scale attacks remains low, companies are increasingly worried about the effect such an issue would have on their operations.

Some 40 per cent of large enterprises stated they expect to have formal processes in place to handle this by 2018 - up from zero that will have such processes by the end of this year.

Large-scale business disruption attacks will require a new way of thinking about cyber security, as such activities can lead to prolonged disruption to key business processes - both internally and externally.

Paul Proctor, vice-president and distinguished analyst at Gartner, explained that the research firm defines aggressive business disruption attacks as targeted attacks that are able to reach deeply into internal digital business operations for the express purpose of widespread business damage.

"Servers may be taken down completely, data may be wiped and digital intellectual property may be released on the internet by attackers," he explained. "Victim organisations could be hounded by media inquiries for response and status, and government reaction and statements may increase the visibility and chaos of the attack."

This could be hugely damaging for firms in a number of ways. As well as employees being unable to function normally for weeks or even months, the exposure of sensitive information such as customer financial details can result in a huge hit to a company's reputation, as well as open up a business to enforcement action from regulators.

Therefore, it will be vital for chief information security officers (CISOs) at large firms to alter their approach, pivoting away from blocking attacks to a strategy that focuses on detecting intrusions and responding to them quickly.

Mr Proctor said that with the growing complexity of large enterprises, and technologies such as the Internet of Things greatly increasing the potential attack surface for cyber criminals, it will not be possible for businesses to create defences that do not include some degree of compromise. This means firms need to think very carefully about where they focus their efforts.

"Preventive controls, such as firewalls, antivirus and vulnerability management, should not be the only focus of a mature security program," he said. "Balancing investment in detection and response capabilities acknowledges this new reality."

Such steps will be particularly important as customers' expectations for the services they receive from companies are now higher than ever. Digital businesses will require companies to be always available, so any interruption to services at any point can mean transactions are not completed, thereby negatively affecting customer allegiance and the revenue stream expected from the digital business offering.

Therefore, the standard of due care for security program maturity will increase, with risk, security and business continuity management leaders coming under more pressure than ever before, Gartner said.

It will therefore be important for CISOs to explain to executives the importance of shifting their thinking away from traditional approaches towards risk and security. Mr Proctor added: "Security is not a technical problem, handled by technical people, buried somewhere in the IT department. Organisations need to start solving tomorrow's problems now."